14 matches found
RockyLinux 10 : openssh (RLSA-2026:19069)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19069 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...
SUSE SLES12 Security Update : openssh (SUSE-SU-2026:2025-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2025-1 advisory. This update for openssh fixes the following issues Tenable has extracted the preceding description block directly from the SUSE security...
SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:1876-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1876-1 advisory. This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed...
openssh-10.3p1-4.1 on GA media (moderate)
openssh-10.3p1-4.1 on GA media Announcement ID: openSUSE-SU-2026:10804-1 Rating: moderate Cross-References: CVE-2026-35385 CVE-2026-35414 CVSS scores: CVE-2026-35385 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-35385 SUSE : 7.5...
OPENSUSE-SU-2026:20757-1 Security update for openssh
This update for openssh fixes the following issues Security issues fixed: - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Other issues fixed: - SSH port not reachable on...
openssh security update
An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
CLSA-2026-1777466052 openssh: Fix of CVE-2026-35414
CVE-2026-35414: fix incorrect matching of the authorizedkeys principals="" option against certificate principals containing comma characters...
CLSA-2026-1777466402 openssh: Fix of CVE-2026-35414
CVE-2026-35414: fix incorrect matching of the authorizedkeys principals="" option against certificate principals containing comma characters...
CLSA-2026-1777591889 Fix CVE(s): CVE-2026-35414
SECURITY UPDATE: incorrect matching of authorizedkeys principals="..." option when a certificate principal name contains a comma character - debian/patches/CVE-2026-35414.patch: split principallist on commas and exact-match each entry instead of passing it to matchlist - CVE-2026-35414...
CLSA-2026-1777453856 openssh: Fix of CVE-2026-35414
CVE-2026-35414: fix incorrect matching of principals in the authorizedkeys principals="..." option when a certificate principal contains a comma character...
Photon OS 4.0: Openssh PHSA-2026-4.0-1002
An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-35414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authorit...
CVE-2026-35414
OpenSSH CVE-2026-35414 affects OpenSSH before 10.3, where the authorized_keys principals option can be mishandled when a CA uses comma characters in a multi-principal scenario. Multiple connected advisories (IBM AIX advisory, Debian DLA, AlmaLinux/Almalinux, CloudLinux, and Amazon Linux ALAS entr...
CVE-2026-35414
OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...